[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Bug,- Security Risk, or May Bad?

Subject: Re: [cobalt-users] Bug,- Security Risk, or May Bad?
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Tue Mar 28 19:09:41 2000
Organization: nobaloney.net

Sonny Kupka wrote:

> Neither the Site or the Admin user has Telnet/Shell rights.
> 
> To me this is a bug and a very big security issue.

I just tested this.  I booted my virgin RaQ3i.

I created a dummy site.  <www.foobar.com> at IP# 192.168.0.99.  I
specifically left unchecked the shell access option.

I created a user, Joe User (username: joe).

I tried telnetting in as Joe.  I got a "you're not allowed" message.

If you're not having the same experience, you need someone either from
Cobalt or some third-party support company <ahem> to look at your RaQ3.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re: [cobalt-users] Bug,- Security Risk, or May Bad?
  - From: Sonny Kupka

References:
- [cobalt-users] Bug,- Security Risk, or May Bad?
  - From: Sonny Kupka
- RE: [cobalt-users] Bug,- Security Risk, or May Bad?
  - From: Sonny Kupka
- Re: [cobalt-users] Bug,- Security Risk, or May Bad?
  - From: Sonny Kupka

Prev by Date: Re: [cobalt-users] How to create DNS entry via cgi script?
Next by Date: RE: [cobalt-users] Raq 3: User already exists
Previous by thread: Re: [cobalt-users] Bug,- Security Risk, or May Bad?
Next by thread: Re: [cobalt-users] Bug,- Security Risk, or May Bad?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index